Network security vendor SonicWall is urging customers to update their SMA 100 series appliances to the latest version following the discovery of multiple security vulnerabilities that could be abused by a remote attacker to take complete control of an affected system.
The flaws impact SMA 200, 210, 400, 410, and 500v products running versions 9.0.0.11-31sv and earlier, 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier. The San Jose-based company credited security researchers Jake Baines (Rapid7) and Richard Warren (NCC Group) for discovering and reporting the shortcomings.
The list of eight security vulnerabilities identified in its remote access products is as follows -
- CVE-2021-20038 (CVSS score: 9.8) - SMA100 Series unauthenticated stack-based buffer overflow vulnerability
- CVE-2021-20039 (CVSS score: 7.2) - SMA 100 Series authenticated command injection vulnerability as root
- CVE-2021-20040 (CVSS score: 6.5) - SMA 100 Series unauthenticated file upload path traversal vulnerability
- CVE-2021-20041 (CVSS score: 7.5) - SMA 100 Series unauthenticated CPU exhaustion vulnerability
- CVE-2021-20042 (CVSS score: 6.3) - SMA 100 Series unauthenticated "Confused Deputy" vulnerability
- CVE-2021-20043 (CVSS score: 8.8) - SMA 100 Series "getBookmarks" heap-based buffer overflow vulnerability
- CVE-2021-20044 (CVSS score: 7.2) - SMA 100 Series post-authentication remote code execution (RCE) vulnerability
- CVE-2021-20045 (CVSS score: 9.4) - SMA 100 Series unauthenticated file explorer heap-based and stack-based buffer overflow vulnerabilities
Successful exploitation of the flaws could allow an adversary to execute arbitrary code, upload specially crafted payloads, modify or delete files located in specific directories, reboot system remotely, bypass firewall rules, and even consume all of the device's CPU, potentially causing a denial-of-service (DoS) condition.
While there is no evidence that these vulnerabilities are being exploited in the wild, it's highly recommended that users move quickly to apply the patches in light of the fact that SonicWall devices have become a lucrative target for threat actors to launch a slew of malicious actions in recent months.